podman: added openobserve podman service

This commit is contained in:
Tigor Hutasuhut 2024-07-15 15:16:53 +07:00
parent f4e6635f8c
commit 54bb0d2913
5 changed files with 79 additions and 1 deletions

View file

@ -12,6 +12,7 @@ in
redmage.enable = lib.mkEnableOption "redmage podman"; redmage.enable = lib.mkEnableOption "redmage podman";
redmage-demo.enable = lib.mkEnableOption "redmage-demo podman"; redmage-demo.enable = lib.mkEnableOption "redmage-demo podman";
qbittorrent.enable = lib.mkEnableOption "qbittorrent podman"; qbittorrent.enable = lib.mkEnableOption "qbittorrent podman";
openobserve.enable = lib.mkEnableOption "openobserve podman";
servarr = { servarr = {
enable = mkEnableOption "servarr group"; enable = mkEnableOption "servarr group";

View file

@ -36,6 +36,7 @@
servarr.recyclarr.enable = true; servarr.recyclarr.enable = true;
servarr.real-debrid-manager.enable = false; servarr.real-debrid-manager.enable = false;
servarr.rdtclient.enable = true; servarr.rdtclient.enable = true;
openobserve.enable = true;
}; };
docker = { docker = {

22
secrets/openobserve.yaml Normal file
View file

@ -0,0 +1,22 @@
openobserve:
env: ENC[AES256_GCM,data:c7XB9h82qCaV8MWTibJ2DUAjCDEgtjNvXi8B4tLfiJcws7Wfhhh5HQHiy/2Yc4q0h9QcQ9U/WNB05RVdX76H5UTsM7d9SbpG3/NW8d3yyiJlIZ7b/e4l3LD0HEM=,iv:pUcZ2S6mmFncs14HcRwEGSNh+/dz3Ut9M0kWVJwVkck=,tag:279V8olra+A1reKtZHnelQ==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1kruum2varzua7w5n6n52vhwyek2arc685rhcwt0u7k2jf5mecsjslkl9ll
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBZRmg5YURIdVNMVUFGbTNM
eXdWR0R1N09RMm4vSjRvUmw1VkV0SEFtN2s4CkhCcXgyNHFTU0hwMnNYdG5Sam9j
R21jcDY2MEhtVnZBckpsc010OEVqZmsKLS0tIDZtRmgzRWJZc1NLVVM0dkpwbUpL
Mk1OU0htcGIrWkUzdzFPZUxYb1JyeDAKQjXadi43Wr4yA89HDLsWACrHeUn265zG
qIU/QU6aO7bgoyflQfoppwD6bSqVrJMcTnTujIRA4xDtmCfNnP2cFQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-07-15T07:57:57Z"
mac: ENC[AES256_GCM,data:uY2pxpgCxOBlj2gGS+/CQ9u0pe6gYlMXlaLKfHjZwJyzAeLjKAE2DLxQVDxx1z2jxx9FoaBnmVEwIgZ399Nk0Ale8ZlN63nduzycTb0kY1Vq8+tNC5Z+LEBe6p54ORmAHQUpUpK8zG72tg3djqH4D3Lm/cyiDegp14PcmK3xRuM=,iv:EJY4zl+vuWR6GJOulF7XLhSBlwSZgq9u2BMLRPR74m0=,tag:1JU2MToCFisIqp1BC/2oNw==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1

View file

@ -41,12 +41,13 @@ in
# 10.88.0.6 -> Suwayomi Flaresolverr # 10.88.0.6 -> Suwayomi Flaresolverr
# 10.88.1.1 -> Pihole # 10.88.1.1 -> Pihole
imports = [ imports = [
./openobserve.nix
./pihole.nix ./pihole.nix
./qbittorrent.nix ./qbittorrent.nix
./redmage-demo.nix ./redmage-demo.nix
./redmage.nix ./redmage.nix
./servarr
./suwayomi.nix ./suwayomi.nix
./ytptube.nix ./ytptube.nix
./servarr
]; ];
} }

View file

@ -0,0 +1,53 @@
{ config, lib, ... }:
let
name = "openobserve";
podman = config.profile.podman;
inherit (lib) mkIf;
ip = "10.88.99.1";
image = "public.ecr.aws/zinclabs/openobserve:latest";
rootVolume = "/nas/podman/openobserve";
domain = "${name}.tigor.web.id";
user = config.profile.user;
uid = toString user.uid;
gid = toString user.gid;
in
{
config = mkIf (podman.enable && podman.${name}.enable) {
services.caddy.virtualHosts.${domain}.extraConfig = ''
reverse_proxy ${ip}:5080
'';
system.activationScripts."podman-${name}" = ''
mkdir -p ${rootVolume}/data
chown ${uid}:${gid} ${rootVolume} ${rootVolume}/data
'';
sops.secrets."openobserve/env".sopsFile = ../../secrets/openobserve.yaml;
virtualisation.oci-containers.containers.${name} = {
inherit image;
hostname = name;
autoStart = true;
user = "${uid}:${gid}";
environment = {
TZ = "Asia/Jakarta";
ZO_DATA_DIR = "/data";
ZO_WEB_URL = "https://${domain}";
};
volumes = [
"${rootVolume}/data:/data"
];
extraOptions = [
"--network=podman"
"--ip=${ip}"
];
environmentFiles = [
config.sops.secrets."openobserve/env".path
];
labels = {
"io.containers.autoupdate" = "registry";
};
};
};
}